Networking and Cloud Storage

Network Configuration

Only registered devices can attach to the Yale network (design and implementation in progress).

Cloud Storage

Use only Yale contracted cloud storage. Data stored in a private consumer cloud account is not accessible to Yale personnel in case of emergency. The probability that sensitive University data or sensitive personal data will be improperly shared is increased.

Workstations and Mobile Devices

All Workstations

Strong passwords are absolutely required. Unique (e.g. a different password for each service you use), strong passwords are recommended.

Refreshed hardware: Workstation hardware should be replaced on a regular basis. Using a 4-year replacement cycle is recommended. Lab equipment may require a much longer replacement cycle, however, the hardware should be replaced before support for the installed operating system ends. Many users have found it difficult to comply was newer security best practices (including full-disk encryption) due to performance issues experienced on older hardware -this is not a security technology problem but a technology refresh problem.

ITS provides centralized patch management (through the Managed Workstation Program) to help ensure the stability, availability and security of your workstation.

Anti-Virus software must be installed.

Separate Administrator Access Account: Daily tasks on the workstation should be completed using a regular user account, but each user may have a separate administrative account created for installing software and updates.

Each workstation should be assigned a private IP address. Public addresses are for websites that have external consumers.

Full-disk encryption is required for workstations handling Lock-3 data, but is recommended for all workstations.

Servers and Databases

Servers

Servers must be housed in data centers or in server rooms with badge readers for access and security alarms/monitoring. Badge readers allow you to account for who has physically accessed a server room in a way that traditional key-locked doors cannot.